How to make security authentication for a web application that is using servlets and .jsp. I want to make authentication using tomcat.
Can anyone explain steps I need to take in servlet and jsp for FORM authentication. Servlet is taking care of .jsp page that needs to be secured.
You can also see Chapter 32 of the J2EE Tutorial - though that will deal with generic configuration of a servlet based web app.
If you want to use container managed security, see the other answers.
If you're implementing the security layers in your webapp itself (which can be more flexible IME and definitely more traditional for simple apps) you'll need some sort of framework that integrates with whatever you're using to build the app.
I'm using spring-security myself. It might be a bit overkill for what you're doing, but you can have it work completely orthogonal to your app, i.e. just define some URLs that are protected and redirect users to a form when they try to access something and then if they login successfully let them get on their way. Make sure to stick to namespace-based config if your needs aren't too complex. Beans-based is a bit of a slog if you're not actively using spring. All the information you' need for that is in chapter 2.